[Resolved] explorer.exe infected by: Win32:Dropper-EBJ [Drp]

alright, so Avast can’t remove it, can’t quarantine it, can’t repair it

MBAM didn’t help either, problem still exists

so then I did the OTL quick scan with the following log:

ok, I hope I provided all the necessary info… I’d really appreciate if someone was able to help me
google tells me nothing about that virus

edit:
hhmmm, how am I supposed to post the log?
I’d have to use like 10 posts… or can I just use the attachment function?
what’s the preferred method here?

well, I’ll just attach everything :slight_smile:

sorry for the German version of MBAM, but it didn’t find anything to begin with

Hello freezeTT and welcome to the forum. :slight_smile:

Although you performed your MBAM scan without updating it first and the log is incomplete, I think we can work with your OTL logs, which show problems.

Can you tell me what problems you are experiencing with your machine and when they started?

Also, did Avast tell you that the infection (virus) was Win32:Dropper-EBJ [Drp] or how did you know it was this type of virus? What type of scan did you do with Avast and did you try to put it in the Virus Chest?

well, my machine was running the whole night while I was out yesterday
today when I woke up and sat down at the PC, the explorer already crashed… meaning no taskbar, no desktop shortcuts… everything else was running fine

I can use firefox, iexplorer, skype, everything basically, except for the explorer

as soon as I try to access it, it just crashes

the other thing is, as soon as I google for the virus (this only applies to firefox) and click on a link that addresses the issue, I’m re-linked to some other crappy sites, those are blocked by avast though
something preventing me to get additional info
like there’s an avast update that’s listed in google for that virus and I can’t click that link… well I can click it, but I’m being forwarded somewhere else

do you want me to do an additional scan with MBAM with an updated version?

edit:
yes, I did the initial scan with avast to see what kind of virus that is… and no, avast can’t perform any task concerning that virus… I did a quick scan

Hi,

Before giving any manual for cleaning up your Windows, tell me if you have a Windows installation disc?

Not at this time. But if you are instructed to run an MBAM scan again, you always need to update MBAM first, then do the scan.

So Avast told you this was the virus. Did it give you the option to put it into the Virus Chest at that time when you did the Quick Scan or was Avast not working properly at that time? I noticed in your OTL log that your Web and Mail Shields are on-demand; having the Web Shield on-demand is dangerous for going on the Internet. It could have been the virus doing this or did you disable this?

Omid, I’ve already referred him to Essexboy. I’m collecting information needed for the referral to him.

hi
I do :slight_smile:

yap, just didn’t think of it, at that time, but I already updated it right now

hhmmm, Avast was and still is working fine. Can’t see any suspicious activity tbh
about the web and mail shield… do you mean in avast? everything is turned on and I didn’t disable anything

edit: alright, installed the English language package for avast… I know why I hate installing stuff in German… when you need help, you always have to dbl check every option, hehe
so you meant the avast stuff… ya, it is all enabled and I never touched it, should’ve been enabled the whole time

I do not want to give you any clean up instructions at this time. I have referred you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.

Please do not make any further changes to your machine now that you have provided the logs.

Also, please do not use your machine unless absolutely essential; do not keep it turned on. If you have another machine to use to check the forum or email, that would be preferred. If you are on a network, please turn the infected machine off from the network as a precaution.

Let me know if you have any questions. Thank you.

thanks for your help so far, really appreciate it

I won’t change anything… everything will stay the same

thx again

No problem. So don’t do anything else with your machine and turn it off for now. Essexboy will be reviewing your logs in a while since it is the weekend, so you can check the forum later. He will give you specific instructions on things to do.

Omid is on the right track as Windows 7 has some good repair tools, but they are not installed as standard. If it was an OEM Windows installation then they are not present and you would need to download the recovery disc.

So the first option would be to use sfc to replace explorer, although looking at the MD5 it appears legit

Go to start > All Programs > Accessories
Right Click Command Prompt and select run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

If that should fail as it may well do then it will be time to run the Dr Web scan from safe mode to attempt the removal of the possible ads attached

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file; save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

Once completed let me know if the problem still exists - if it does we will inspect the MBR next
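
The check-and-repair sequence from the post above, as an added PowerShell example that is not part of the original thread. The helper name `Get-Md5Hex` and the log filter pattern are assumptions of this sketch, and it has to be run from an elevated prompt.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$target = Join-Path $env:windir 'explorer.exe'
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'

# Hypothetical helper: MD5 through .NET, so it also works on the
# PowerShell 2.0 that ships with Windows 7 (no Get-FileHash there).
function Get-Md5Hex([string]$Path) {
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

$before = Get-Md5Hex $target
Write-Host "explorer.exe MD5 before repair: $before"

# Check only this one file first; it is much faster than a full scan.
sfc "/verifyfile=$target"

# Full scan and repair of protected system files, as in the post.
sfc /scannow

$after = Get-Md5Hex $target
if ($after -ne $before) {
    Write-Host "explorer.exe was replaced, MD5 now: $after"
} else {
    Write-Host "explorer.exe unchanged (check again after the reboot the post asks for)"
}

# SFC writes its details to CBS.log on lines tagged [SR].
# Keep only lines about repairs or about explorer.exe.
Select-String -Path $cbsLog -SimpleMatch '[SR]' |
    Where-Object { $_.Line -match 'Cannot repair|Repairing|explorer\.exe' } |
    Select-Object -Last 20 |
    ForEach-Object { $_.Line }
```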

wow… the sfc /scannow seems to have done the trick

everything works again, no more explorer crashes

an avast quick scan shows no more threats

very very nice essexboy
thank you very much

and also thanks to Omid and SafeSurf
really appreciate your help here
just awesome

thank you so much guys :slight_smile:
you saved me a /format c: :smiley:

I love starting simple ;D

@ freezeTT,

Let your machine run for 1 - 2 days to make sure everything is working fine. If all is going well and you feel that your issue is resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed.

Feel free to come back any time you need help, to learn something new, or just to ask questions. We are here 24/7 for your convenience. Thank you for letting us assist you. :slight_smile:

will do, will do :slight_smile:

let’s see how long the machine runs without problems

and thx again

I’m having the same problem on a system at a store. I’ve got avast internet security, and it says my explorer.exe file is infected with the exact same virus. I’ve tried running the prompt but I don’t know my admin password… (issue I know) I don’t want to roll back to last known working configuration because of bookkeeping. I’m trying to help out a friend and I just installed avast on the system today, previously they didn’t have any anti-virus software to speak of. I do have the SP3 disc and every time I try typing the sfc/scannow nothing comes up, or it tells me I need to run it as an admin. PLEASE HELP ME ASAP! They get no start menu, no icons, nothing, I’ve been doing everything from the task manager. I’m worried that this will infect the other systems on their network, or corrupt their book keeping software. Is there anything I can do from just the SP3 disc that won’t result in a loss of data?

@ Lunchbox404,

You need to start a new thread/topic as this one is closed (resolved).

Please start a New Topic of your own, as this will just confuse the current thread, and we will help you there.

Go to this link, http://forum.avast.com/index.php, scroll down to the Avast Virus and Worms forum and click it, click the New Topic button at the top of the list and post there. We will help you there (cut and paste your last post to the new post but add system OS and security software information as well). Thank you.

In addition, please do the following:

  1. Disconnect the infected machine from the network.
  2. Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0. Follow the directions of obtaining an MBAM log (make sure you update MBAM first) and the OTL logs. Post the MBAM log here and the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

Please do not make any further changes to this machine after you have provided the logs (use another machine to check the forum). We will refer you to our Certified Malware expert, named Essexboy after you post your logs. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in your new thread, so remember to check your thread daily (from your non-infected machine, but have the infected one nearby so you can work on it).

Try to find out your Administrator password as you will most likely need this. Please let me know if you have any further questions (in your new thread). Thank you.